From e28ad0ab2dfccf8f962a621669558569a8246bad Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Tue, 2 Feb 2021 20:41:31 +0100
Subject: [PATCH] Validate comnpay payments on another host

---
 cotisations/payment_methods/comnpay/models.py | 8 ++++----
 portail/views.py                              | 5 ++++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/cotisations/payment_methods/comnpay/models.py b/cotisations/payment_methods/comnpay/models.py
index ef0c6cf5..8a7a7736 100644
--- a/cotisations/payment_methods/comnpay/models.py
+++ b/cotisations/payment_methods/comnpay/models.py
@@ -73,7 +73,7 @@ class ComnpayPayment(PaymentMethodMixin, models.Model):
         else:
             return "https://secure.homologation.comnpay.com"
 
-    def end_payment(self, invoice, request):
+    def end_payment(self, invoice, request, accept_host=None, refuse_host=None, ipn_host=None):
         """
         Build a request to start the negociation with Comnpay by using
         a facture id, the price and the secret transaction data stored in
@@ -84,12 +84,12 @@ class ComnpayPayment(PaymentMethodMixin, models.Model):
             str(self.payment_credential),
             str(self.payment_pass),
             "https://"
-            + host
+            + (accept_host or host)
             + reverse(
                 "cotisations:comnpay:accept_payment", kwargs={"factureid": invoice.id}
             ),
-            "https://" + host + reverse("cotisations:comnpay:refuse_payment"),
-            "https://" + host + reverse("cotisations:comnpay:ipn"),
+            "https://" + (refuse_host or host) + reverse("cotisations:comnpay:refuse_payment"),
+            "https://" + (ipn_host or host) + reverse("cotisations:comnpay:ipn"),
             "",
             "D",
         )
diff --git a/portail/views.py b/portail/views.py
index d2c7e304..eadd240d 100644
--- a/portail/views.py
+++ b/portail/views.py
@@ -30,6 +30,7 @@ to redirect all requests to /portail/.
 The app provides new views to sign in and buy articles, to avoid
 accessing to the full Re2o.
 """
+from django.conf import settings
 
 from cotisations.models import Facture, Vente
 from cotisations.utils import find_payment_method
@@ -103,7 +104,9 @@ class SignUpView(CreateView):
 
         # POOP CODE, pliz Re2o
         # End the payment process, it mays redirect to ComNPay
-        return payment_method.end_payment(invoice, self.request)
+        # We don't assume that the captive portal can be accessed from the whole web,
+        # then we provide to ComNPay another domain to validate the invoice
+        return payment_method.end_payment(invoice, self.request, settings.ALLOWED_HOSTS[0])
 
     def get_success_url(self):
         return reverse_lazy("users:profil", args=(self.object.pk,))